Hey folks. So I spent a few hours last night reverse engineering the Threesixty 2 protocol.
The Threesixty 2 connects to a cloud service and reports data back roughly every thirty seconds.
The protocol is MQTT over TLS. Because it doesn’t use certificate pinning or CA verification it was fairly straightforward to MitM.
After forcing the traffic through to my own MQTT server the commands to control it are pretty straightforward and I was able to control all of its features with mosquitto_pub.
Given the relative complexity of forwarding its traffic to your own server, I’m not sure there’s much value in trying to publish this for local control integration, it requires some specific network conditions that aren’t trivial to achieve for a normal user.
I’d be tempted to open it up and see how reversible the hardware is. From the traffic I was able to confirm that it’s running an ESP32, so flashing it with ESPHome isna possibility, but the pins would all need to be reversed engineered, and I haven’t looked inside to see how practical this is, I’ve only had the heater just over 24 hours at this point.
Since I’m not interested in cloud connected stuff I’m tempted to just return it as I don’t really want to spend the time with it disassembled in the hopes of being able to fully reverse engineer it, I’m not even sure his feasible it is until I take it apart, and even then, hoe many people will want to strio it down to flash the ESP if it’s possible?